I can't say definitively whether it will work or not since I have never used Status.Set. I use Stream.Publish with the following code before I put together my call to the Stream.Publish method:
api.Session.UserId = user.UserID;
api.Session.SessionKey = user.SessionKey;
where I have a user object with the UserID and SessionKey I saved into my database.
You need to be sure the session key you are getting is the infinite, non-expiring session key obtained after getting the offline_access extended permission. It has a different pattern to it, something along the lines of: d9024038a6fcef982c7d942a-720447790
where to bit after the hyphen is the userid. The temporary/expiring session keys are longer, such as 3._DgEbtLYNtdjy2NToujO9Q__.3600.1269043200-681899212 (again, the number after the hyphen is the userid). You can also get the session expiration
date and expires flag to test if you got the infinite session key.
I did have significant trouble obtaining the user's non-expiring "infinite" session key after prompting for the offline_access permissions, but some of those were related to the design approach I took. I delay prompting for permissions as
long as possible and only prompt for the minimum permissions I need, and I wanted to do it in an ajax-y way for a better user experience. I don't want to scare users away by prompting for things I don't need until I know I need them. There are
at least three or four different ways to prompt for and obtain extended permissions, and some of them are pretty unreliable/buggy, relying on cookies being updated with the new session key. The only method I found reliable and in keeping with my design